you are a more hardened sysadmin than us all.
You have no idea...
http://xkcd.com/705/
Just wait until Apple partners with Sprint next year and releases the WiMax iPad.
Or they'll call it the MaxiPad
And in some places I have worked you would now get the following...
Were you authorised to show these people CutePDF? Who gave you permission to install CutePDF on their machines? Did you fully evaluate CutePDF to certify that it is the Best of Breed? Are there security implications to using CutePDF? Who is now responsible for maintaining CutePDF? Who is going to train users on its use? Has it been fully documented? Are change control and the standard image build team aware of this?
You're right...I was referring to more small to medium sized businesses that have a smaller, more workable type of bureaucracy...you usually find the above BS in larger corporations or universities, especially.
I agree. IT people should be more in tune with how the business works as well. This is where industry software and hardware often fall apart.
They have one of two things:
1. IT person creating business applications and hardware. They are technically superior, but miss the goals of the business partially, or entirely. Because of this, the business cannot run optimally.
2. A Business person creating business applications and hardware. They are technically inferior...sometimes so much to the point of not working half the time, but the ideas, and the process fit the business model.
Having IT people within the business that can identify what the user is trying to do, and how to do it, can help the IT person come up with better ideas of how to do it. When a user asks to fix a problem, don't just fix it, perhaps there is a better way of doing what they want.
Reminds me of a time when I was called in to fix some scanners and printers. After fixing them, they proceeded to print a document, then scan it in, just to email it to a vendor. I politely showed them that CutePDF prints PDFs like a printer, and they can email it, saving a few steps and a lot of time. Now I try to engage the users in asking them what they want to accomplish.
It took me a couple minutes to realize the story was not about the Apple Newton, leading into the rumored Apple Tablet...
I didn't realize technology had such a hold on my perception of current and past events, as well as common sense.
I don't have DomainKeys set up, and I've never had any difficulty getting mail to users of any of those services.
Does your mail server deliver tens of thousands of messages per hour to those services? If you're talking about the occasional email, you're probably not hitting the threshold at which your delivery will be affected.
Some of my servers have been flagged at about 100 emails a day to multiple users at yahoo. Hotmail seems to be around the same too.
Yahoo even sends you a message saying they've blocked you and to check out their website for options.
Colonel Sandurz: Prepare the lawnmower for light speed.
Dark Helmet: No, no, no, light speed is too slow.
Colonel Sandurz: Light speed, too slow?
Dark Helmet: Yes, we're gonna have to go right to ludicrous speed.
It doesn't matter since in this case, the people this guy works for asked for the passwords. He is completely free of guilt should they screw things up and no court would hold him responsible for doing exactly what his duties required him to do.
He never owned these passwords, the hardware, the systems, or the infrastructure he worked on. When the owners asked for the password, he should have noted his concerns, and given them up.
OK. While I don't agree with what Childs did - or is suspected of doing, I don't believe that "getting things in writing" is going to do any good either.
I don't know what kind of idealistic companies you work for, but the majority of companies, and small-to-medium ones at that, have no real recourse for bad decision making. Getting something in writing is only useful if you have the money to sue them after they fire you - because they will. And even if you sue, you need a judge and lawyers that understand technology for it to be successful.
What's that you say? If this is the outcome, perhaps he should have found another job earlier? Yes, sure, of course, whatever makes you feel better. The truth is, when push comes to shove, the Boss will get rid of anyone who can point the finger at him, and this is almost universal across companies.
Or we could make a website where we all chill and talk about the latest news!
You mean all the news that's 3 days old? Why, we have /. already.
I'm surprised the fuckers haven't hired thugs to go around and burn down public libraries.
Who do you think sponsored Hitler's public book burnings?
How much of your life and data exists on a hard drive, CDROMS, and more under the cloak of proprietary code hidden from you?
I was referring to the practice of Google datamining your search and Internet history through the various methods they have in place.
Last time I checked, MS didn't upload the contents of your hard drive and CDROMs to their servers in order to sell you similar things. Throw up a packet analyzer on your network - do you see GBs of data going to MS? I don't think so...
"Hello?"
"Hi, It's MS calling, we noticed you put in a CDROM of Adobe Flash yesterday evening...we figured you might be interested in Silverlight instead?"
Because this is the equivalent of Google's practice with Adwords, Adsense, Analytics, Webmaster Tools, Search History, Google Toolbar, Gmail, etc...AND THEY TELL YOU THEY ARE DOING IT...
MS has some tricky things about them, yes, but the whole premise of the parent article is that Bing doesn't collect as much data, and use it against you (or for your own good!) like Google does.
When I saw that "funny" mockup of Google and the phrase "where are my fucking keys" - and google returns "on the fridge, where you left them dipshit" - I honestly thought this is where it is headed.
Google has made no secret of wanting to control the entire Internet experience for a user from content down to how you access that content. They have both sides of the market cornered, from a user and a webmaster's perspective.
They control most of the advertising, and they control (directly through analytics, or indirectly through adsense tracking) your website statistics. They know where a user goes to, and from, they know which sites. They know what you search for. If you've actually read the adsense terms, you'll know they tell you they use all the information they have on you to target advertisements...ON ANY SITE.
If you search for "buy a cadillac" and you then go to another website, if the cadillac ads are permitted to run on that site, it is likely you'll see them, or other ads Google has specifically targeted to you. It is no longer the job of the webmaster to do this.
I like Google, but the amount of information they have, if they DID decide to be evil, they would be the WORST company, because Microsoft holds absolutely nothing compared to what Google has on you.
charge you with a crime for just having 'anarchy' files today.
I've always wondered what would happen today if I searched for the cookbook...would I get flagged...who knows. I remember 15 years ago the thing was practically a staple for all kids on the Internet.
There have been corresponding declines in the diagnosis of mental retardation.
If anything there has been a huge increase. They just call it different things - autism, down syndrome, middle management, liberal arts...
They should pump heat back into the ground in summer
This is why man invented global warming.
Neither is the technique that is being discussed in the article. Did you not even read the summary?
I was responding to the poster above me who suggested RAID.
If you believe that just because your archive data is on a tape, that it's safe, then you may have a nasty surprise some day when you go to restore important data from a tape that's several years old.
I know that. I was suggesting Tape was a more ideal solution due to the longevity of support from major server vendors, etc.
I also made a point to note that I had seen Tapes covered in mould that did not work.
If you had read my response to the parent poster in this conversation you would have seen I was responding to questions and suggestions posed not by the article, but by another poster.
RAID is not backup or archive. If you have a RAID1 system with bit errors on one disk - you now have them on the other disk.
Using more complex RAID configs does not necessarily solve the problem.
With archiving, the problem becomes apparent after you pull out your media after 7 years of not using it. Is that parallel ATA hard drive you stored it on still good? Do you have a connection for it? What about those zip and jazz drives you used? Do you have a method of reading them? Are those DVDs and CDs still good? Did you accidentally burn them using DirectCD years ago?
For any archiving solution tapes are still king. The LTO and Dat72 varieties have been around for a long time, and each manufacturer pledges a certain timeframe for device support and even more have services to retrieve files long after the storage media is unsupported.
Not many companies have temperature and moisture controlled vaults for archive storage - but still, people, use some common sense. I've seen tapes in such bad condition, growing mould because they've been stored under bathroom counters.
This will be interesting when soldiers begin to bluescreen on the battlefield.
Commanding Officer: So what happened out there?
Soldier: Well, Bill got freaked out, said he didn't know what to do...said the simulation stopped whenever a baddy got too close.
Commanding Officer: So what happened?
Soldier: Well, he just froze up, completely. I hit him a couple times, even re(peatedly) booted him, nothing.
Commanding Officer: Where's Bill now?
Soldier: He finally reanimated and ran off screaming something about a pagefault.
which makes for some interesting cognitive dissonance in those who romanticize the old-school version but demonize the Somali version.
I'm guessing the reason why is that the Somali pirates don't look like Johnny Depp or Orlando Bloom...
Because being a Linux fanboy was too mainstream.
Wow, it takes talent to be modded offtopic on an offtopic conversation.
How DARE you break the terms of your agreement! Have we stooped so low? What next? Downloading of Movies, Music, etc?
Speaking of bogus blogs... What really ticks me off is if I'm searching for an answer to a technical problem, I often find the same message thread on 10 different sites. I wish google would realize these are all the exact same thread and combine them into a single response.
The problem I have with Googling technical problems is that the 10 sites that do show up often have all the wrong information.
I was searching for info on converting latin1 to utf8 to make a similar point, and I went through almost all the top 100 results before I got to a post that mentioned you needed to convert the content INSIDE the database as well...and that post didn't even mention how. There are about 20 Wordpress scripts that convert the databases from latin1 to utf8, but do so by converting the database itself. There is only one, and not popular, that converts the string types to binary first to save the content (special characters, etc), then converts the tables and database, then converts the string types back. I can't believe how much misinformation there is floating around. One person posts something and 100 people take it as gospel and post it on their blogs, while the technically correct info is posted on a website deep in the Google index because it hasn't been updated!
Sites that were hacked were done using an .htaccess user agent redirect. In a strange twist, IIS' web.config does not have that particular feature (well, with plugins, but not by default) so IIS is by-and-large not affected by this hack. Most of the sites had an .htaccess file that was writeable, in fact, many were chmod 777. Many CMS auto-upgrade scripts and url-rewrite plugins require a chmod 755 using apache's .htaccess file, but so many people just 777 it.
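A defensive check for the condition described in the comment above, as an added example that is not part of the original post: it walks a web root, flags .htaccess files that are world-writable (the chmod 777 case) and lists rewrite rules that redirect based on User-Agent. The directory names, the host redirect.example and the agent string are constructed sample data; a User-Agent redirect can be legitimate, so each hit is something to review rather than a verdict.

```python
import os
import re
import stat
import tempfile

UA_COND = re.compile(r'^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}', re.I)
RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)


def ua_redirects(text):
    """Return (line_no, target) for every RewriteRule that is guarded by a
    User-Agent condition and redirects (R flag or absolute URL target)."""
    hits, guarded = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if UA_COND.match(line):
            guarded = True          # conditions stack until the next rule
            continue
        m = RULE.match(line)
        if not m:
            continue
        target, flags = m.group(1), (m.group(2) or '')
        flag_set = {f.strip().upper().split('=')[0] for f in flags.split(',')}
        external = target.lower().startswith(('http://', 'https://'))
        if guarded and (external or flag_set & {'R', 'REDIRECT'}):
            hits.append((no, target))
        guarded = False             # a rule consumes the pending conditions
    return hits


def audit(root):
    """Walk root and report each .htaccess that is world-writable or that
    contains a User-Agent-conditional redirect."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if '.htaccess' not in files:
            continue
        path = os.path.join(dirpath, '.htaccess')
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding='utf-8', errors='replace') as fh:
            hits = ua_redirects(fh.read())
        world_writable = bool(mode & stat.S_IWOTH)
        if world_writable or hits:
            findings.append({'path': os.path.relpath(path, root),
                             'mode': oct(mode),
                             'world_writable': world_writable,
                             'ua_redirects': hits})
    return findings


# Constructed sample files (not taken from any real site).
TAMPERED = ("RewriteEngine On\n"
            "RewriteCond %{HTTP_USER_AGENT} (ExampleAgent) [NC]\n"
            "RewriteRule ^(.*)$ http://redirect.example/landing [R=302,L]\n")
CLEAN = ("RewriteEngine On\n"
         "RewriteCond %{REQUEST_FILENAME} !-f\n"
         "RewriteRule . /index.php [L]\n")


def demo():
    """Build a throwaway web root with one tampered and one clean site."""
    with tempfile.TemporaryDirectory() as root:
        for name, body, mode in (('site_a', TAMPERED, 0o777),
                                 ('site_b', CLEAN, 0o644)):
            os.mkdir(os.path.join(root, name))
            path = os.path.join(root, name, '.htaccess')
            with open(path, 'w', encoding='utf-8') as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit(root)


if __name__ == '__main__':
    for finding in demo():
        print(finding)
```
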
Nothing yet on the website. Only 8 rc3 released on November 12th.
But on the FTP there is something on Nov. 22 labelled as 8.0
ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/8.0/
"... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."
I can relate to this. Around 2002 I received notice over a few files that a website had on one of my servers. I talked it over with the individual (owner) and he agreed it wasn't worth the effort and removed them. Everyone was happy.
I know /. regularly crucifies people who comply with these notices as wimps, corporate sellouts, etc, but when someone has to put food on the table, and really does not care about the content more than their own livelihood, then there really is no issue. This is why we have wikileaks, etc, so that individuals do not have to bear the brunt of responsibility for hosting these leaked files or other sensitive info.
In the case of COFEE, it was a 'stealing software' issue, and not a 'this is my right to leak this program' issue. Or maybe it is...maybe some reverse engineers can find out COFEE is putting innocent people behind bars?